Antivirus Soft, also known as Antispyware Soft, is a new rogue antispyware program from the same family of malware as Antivirus Live. The program is distributed with the help of trojans. When the trojan is started, it will download and install Antivirus Soft onto your computer and configure it to run automatically when you log on to Windows.
When Antivirus Soft is started, it will imitate a system scan and report numerous infections that will not be fixed unless you first purchase the program. It is important to know that all of these reported infections are fake and don’t actually exist on your computer! So you can safely ignore the scan results that Antivirus Soft gives you.
While Antivirus Soft is running, it will block you from running any programs, as a method of scaring you into thinking that your computer is infected with malware. The following warning will be shown when you try to run Notepad:
Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.
What is more, the rogue will flood your computer with warnings and fake security alerts. Some of the alerts:
Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.
Windows Security alert
Application cannot be executed. The file rundll32.exe is
infected.
Do you want to activate your antvirus software now?
Last but not least, Antivirus Soft will hijack Internet Explorer so that it will randomly show a warning page with the “Internet Explorer Warning – visiting this web site may harm your computer!” header. Of course, all of the above warnings and alerts are nothing more than a scam and, like the false scan results, should be ignored!
As you can see, Antivirus Soft is a scam designed with one purpose: to trick you into purchasing the so-called full version of the program. Do not be fooled into buying the software! Instead, follow the removal guide below to remove Antivirus Soft and any associated malware from your computer for free.
Symptoms in a HijackThis Log
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]ftav.exe
O4 - HKLM\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
O4 - HKCU\..\Run: [RANDOM] %UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]tssd.exe
Use the following instructions to remove Antivirus Soft or Antispyware Soft (Uninstall instructions)
Step 1.
Download HijackThis from here, but before saving HijackThis.exe, first rename it to iexplore.exe, then click the Save button to save it to the desktop. If you can’t download the program, then you should repair the proxy settings of Internet Explorer. Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK. Click Apply. Click OK.
Double-click iexplore.exe on your desktop to run HijackThis. The HijackThis main menu opens.
Click the “Do a system scan only” button. Look for lines that look like:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 - HKCU\..\Run: [vcspymsv] "C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe"
O4 - HKCU\..\Run: [udcqinjy] "C:\Users\Owner\AppData\Local\rhjimj\bogjsftav.exe"
Note: the list of infected items may be different, but all of them have the “sysguard.exe” or “tssd.exe” string on the right side and “O4” on the left side.
Place a checkmark against each of them. Once you have selected all entries, close all running programs then click once on the “fix checked” button. Close HijackThis.
Step 2.
Download MalwareBytes Anti-malware (MBAM). Close all programs and windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan. It will start scanning your computer for the Antivirus Soft infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the Antivirus Soft removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps in: Malwarebytes won’t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: did your current antispyware and antivirus software let the infection through? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Antivirus Soft (Antispyware Soft) creates the following files and folders
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Antivirus Soft (Antispyware Soft) creates the following registry keys and values
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM]
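The HijackThis patterns from Step 1 and the file and registry locations listed above can be checked mechanically against a saved HijackThis log. The Python sketch below is an added example, not part of the original guide or of HijackThis; the function name triage, the severity labels and the last two sample lines are assumptions made for illustration. It goes slightly beyond the guide by also marking unknown executable names in the same location for manual review.

```python
import re

# Executable-name endings this page lists for the rogue's startup entries.
KNOWN_SUFFIXES = ("sysguard.exe", "ftav.exe", "tssd.exe")
DASH = r"\s*[-\u2013]\s*"  # logs pasted into web pages often carry an en dash
O4_RUN = re.compile(r"^O4" + DASH + r"(HKLM|HKCU)\\\.\.\\Run:\s*\[[^\]]*\]\s*(.+)$")
R1_PROXY = re.compile(r"^R1" + DASH + r"HKCU\\.*Internet Settings,ProxyServer\s*=\s*(.+)$", re.I)
# An .exe directly inside one subfolder of the per-user local application data
# directory (XP: Local Settings\Application Data, Vista/7: AppData\Local).
APPDATA_EXE = re.compile(
    r"\\(?:Local Settings\\Application Data|AppData\\Local)\\[^\\]+\\([^\\]+?\.exe)\b", re.I)

def triage(log_text):
    """Return (severity, reason, line) for each HijackThis line worth a look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        proxy = R1_PROXY.match(line)
        if proxy and re.search(r"127\.0\.0\.1|localhost", proxy.group(1), re.I):
            findings.append(("high", "IE proxy set to a loopback address", line))
            continue
        run = O4_RUN.match(line)
        exe = APPDATA_EXE.search(run.group(2)) if run else None
        if not exe:
            continue
        if exe.group(1).lower().endswith(KNOWN_SUFFIXES):
            findings.append(("high", "Run entry ends in a file name listed on this page", line))
        else:  # assumption: unknown names from this location deserve manual review
            findings.append(("review", "Run entry starts an exe from a local app-data subfolder", line))
    return findings

# Sample log: the first three lines are examples from Step 1 (one kept with the
# typographic dash and quotes that web copies carry); the last two are
# constructed for this example (a random-named entry and an ordinary one).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKLM\..\Run: [arlsknkw] C:\Documents and Settings\user\Local Settings\Application Data\lqtwnu\wqcmsysguard.exe
O4 – HKCU\..\Run: [vcspymsv] “C:\Users\Owner\AppData\Local\bbenmt\badwsftav.exe”
O4 - HKCU\..\Run: [qzkxpwtr] C:\Users\Owner\AppData\Local\hgfdsa\mnbvcx.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /background
"""

if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {line}")
```

Entries marked "review" are not proof of infection, since legitimate programs also start from the local application data folder; they are the lines to inspect by hand before using “fix checked”.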
I’m telling you guys, you are taking the hardest route possible. It’s easy, just reboot and during the short time between the start up and the activation of the virus (it’s a program like anything else and takes time to auto load) and go download “Microsoft security essentials” it’s free and it got all of it, I tried this three days ago! it works! And it’s simple!
Thank you, thank you, thank you, very helpful and straightforward. The only thing though now when i reboot i get an error message saying: GetDriveLayOut: CreateFile fail ! The system cannot find the file specified. I think it has something to do with my VIA Raid utility, as when i click ok it flashes up quickly but everything seems fine other than that.
Patrik, Thank you so much for your help. My computer is now working thanks to you. Malware bytes works great! Thank you, again, for your help!
Cheri, run HijackThis and fix a line like below:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
Kevin, you need to fix the R1 and O4 entries only that I have posted above. Please be very careful, do NOT fix any other entries!
I only found one random-name file, but as soon as I used the hijackthis software to delete it, I stopped getting all the alerts…although, the icon in the taskbar shows that it is still running…I’m scanning with antimalware right now…
Please someone help me, I change my cable company before a chance to install security, a porno web enter my computer I want them out I don’t know how, I’m a Senior female help me please. Sincerely thank you all of you.
The porno web side is mr800kingATaol.com
Susan, if you need a help, then please start a new topic in our Spyware removal forum.
I just used System Restore option on windows vista (quickly clicked it before the virus ran at the startup) and that solved the problem.
I used System Restore in Safe Mode and that seems to have solved the problem.
My safe mode didn’t work. My system restore did not work. Nothing on the computer would work. I hit control+alt+delete to bring up task manager prior to the virus program booting up. (it takes time for antivirus soft to boot). In task manager I ended as many processes as i could, and luckily one of them halted antivirus soft from booting. I then ran Malwarebytes Anti Malware and it got rid of the virus. It may take a few times booting and fishing in the task manager but if you can run Malwarebytes it will get rid of it.
You guys and gals rock! Thanks so much. I tried exhaustive research and downloads. But the only thing that would work was a system roll back.
Warmest Regards,
Lee
I installed a programme to clean up my pc and afterwards microsoft advise me that I have no anti-virus protection. Am I able to retrieve the anti-virus programme and reinstall?Get printon
I have got a similar problem with Antivirus IS.
However, I cannot view any website or open an application due to the virus. Is there any way round this problem so I can use your method to uninstall it?
Ignore my last post, I have read the other posts. Almost done it, just need to work out how to get internet access back after deleting the file from Task Manager
Ok, so many websites are telling me that this Antispy Safeguard (or at least what I’m infected with), and they are all like DOWNLOAD THIS and DOWNLOAD THAT!!!!!!!! People… don’t download anything because I have tried at least 3 different kinds and nothing still has happened. I’ve looked at other posts to find out you can remove it without downloading anything. Only problem is, some of the ways require you to access the start file thingy in the bottom left corner of the screen, and right now, my screen is currently black, and I can’t access anything whatsoever :(… can anybody tell me how to access the start menu without having to click on it?
Crap, in fact, I can’t even use the shortcut button on my keyboard to access the start menu 🙁
Not only that, but there is like no program that can clean this stuff up except for Ccleaner because they are awesome like that and don’t give me freaking viruses. However, Ccleaner can’t fix the problem either. I’m about to roll into a ball and cry. Someone please help me……
Jeremy, try the instructions below:
http://www.myantispyware.com/2010/08/26/how-to-remove-fake-microsoft-security-essentials-alert/
Ok, now my computer seems to be fixed again (without buying that bogus stuff). Thanks Patrik!!!!!!!!!!!! 🙂
Hi Patrick,
I am unable to open any application in my laptop. Then how will I get into your website to download the hijackthis? I tried doing the proxy settings as you suggested. Even then I get the same warning. Any immediate help is greatly appreciated. Thanks
Rev
Rev, reboot your PC in Safe mode with networking. Run Internet Explorer, click Tools, then select Internet Options. Select the Connections tab and click the LAN Settings button. Uncheck the “Use a proxy server” box. Click OK and OK again. Download Malwarebytes and perform a scan. Remove what it found.
Thanks a lot…I nearly fell for their trick but came across ur website…My computer is fixed 4 free! pls people just follow the instructions step by step…printing the steps out helps…
Hello,
I have this vexation of a virus and I’m at the point where I hardly can access anything on my computer without it being blocked by that pseudo Security Alert pop-up
after trying a couple things myself to get rid of Anti-virus Soft (which I’m guessing gave the virus time to spread more) I googled about this nuisance on another computer. So I have followed the general directions of using Safe mode and networking to override the internet proxy and download a virus remover. However the problem is whenever I got into Safe Mode and networking after five or six minutes my computer just shuts down improperly before or while I download the scan.. = (
So is there any other way to get rid of the virus or am I probably at the point where I need to have a professional look at it. Please help?
GraceNeedsHelp, follow the steps below:
Run Internet Explorer and click Tools -> Internet Options. Select the Connections tab and click the LAN Settings button. Click the Advanced button to open Proxy settings. Copy and paste the following text into “Do not use proxy server for addresses beginning with:”
go.trendmicro.com;www.myantispyware.com;www.malwarebytes.org;
Click OK to save Proxy settings, then Click OK to close Lan Settings and Click OK to close Internet Explorer settings.
Then go to step 1 above.
Oh my God… you saved my day. Because of this website I was able to remove that Antivirus software
Excellent Instructions……….
I was about to format hard drive.
Thanks for your help.
OMG…thank God, i was gonna cry, it happened today and took like 4 hours approx for me to fix it. i had DLed RKILL and MBAM first but it was STILL there after scans…and i used hijackthis and i looked but u know what? there weren’t really any sysguard.exe ends…they were RANDOM letters with exe at the end. I just deleted what i thought was wrong and it WORKS at last!! THANK YOU EVERYONE!! ALL THE HELPFUL PPL, UR MY SAVIORS!
Great info downloaded the hijackin safe mode. checked everything and deleted it. computer now runs better than before.
Thanks
Bloody brilliant, great guide man.
Note: the file names may vary. But they’re always in the same place (approx ofc, with some randoms in between)
Brilliant – this really works and very easy to follow. Thanks !!